Skip to Content
Press Enter

Draft IIA disciplinary & oversight frameworks

Reviewing the Draft D&O Framework

Stakeholder comment period: June 23 – August 29, 2025
Download The IIA’s draft D&O framework Submit your comments

 Two proposed D&O frameworks

The IIA is seeking stakeholder feedback on two proposed disciplinary & oversight (D&O) frameworks: 

  • An update to The IIA’s existing D&O framework for its members
  • A proposed model framework for use by National Institutes within The IIA’s global federation

How stakeholders should submit their comments

Stakeholders should submit their comments through one of the following:

Stakeholders should submit their comments no later than 5:00pm, Friday, August 29, 2025.

Download The IIA’s draft D&O framework

The draft includes the proposed model framework for National Institutes.

D&O suggested questions

To facilitate review of the frameworks, The IIA has included suggested questions below for each framework.

Interested parties should feel free to use those questions as a guide in preparing their comment letters or they are welcome to address their feedback and suggestions through other formats.

The IIA welcomes submissions of not only comment letters but also suggested improvements via tracked change versions of the frameworks.

Suggested questions for the IIA’s proposed D&O framework

  1. Is the scope of conduct covered under the framework appropriate? What additions or deletions, if any, do you recommend?
  2. In the draft framework, The IIA takes the position that it will not take disciplinary action related to membership or credentials for crimes unrelated to internal auditing. While the organization finds many other types of crimes to be appalling and meriting punishment in a court of law, it is a slippery and politically challenging pathway for The IIA to adjudicate on these matters. 
    1. For example, in some countries there are laws that severely restrict freedom of speech and political activities and/or criminalize certain health care choices and the private activities of consenting adults.
    2. Additionally, certain drugs and alcohol are legal in certain jurisdictions while possession is a serious crime in other jurisdictions.
    3. Do you agree or disagree with this position? If you disagree, what crimes should be considered for disciplinary action? 
  3. Is the jurisdictional oversight between The IIA and its federation of national institutes clearly explained?
  4. Are the due process rights of the accused sufficiently explained? Are there any rights that should be added or removed in this section?
  5. Is the adjudication process clear and sufficiently explained? What changes, if any, do you recommend to improve this process?
  6. Is the appeals process clear and sufficiently explained? What changes, if any, do you recommend to improve this process?
  7. Is the scope of potential penalties appropriate? What changes, if any, do you recommend to improve this section of the framework?
  8. Assuming compliance with all applicable privacy and other laws, in what circumstances should The IIA share information about D&O hearings and decisions requested by third parties (e.g., employers, the media, government officials, etc.)?
  9. What challenges and/or risks do you see with the creation of The IIA’s public register of IIA members in good standing and/or its proposed public register of current certification holders? Do you see any legal risks and/or unintended consequences to such a register?  How might those risks/consequences be mitigated?
  10. Is 10 years an appropriate period for recordkeeping related to D&O hearings and decisions? If not, what time frame do you recommend and why?

Suggested questions for the IIA’s proposed model D&O framework for National Institutes

  1. Does your Institute have a D&O framework that’s publicly available on the Institute’s website? (If yes, please include the link.)
  2. Is the scope of conduct covered under the proposed model framework appropriate? What additions or deletions, if any, do you recommend?
  3. In the draft model framework, The IIA suggests that national institutes not take disciplinary action for crimes unrelated to internal auditing. While the organization finds many other types of crimes to be appalling and meriting punishment in a court of law, it is a slippery and politically challenging pathway for national institutes to adjudicate on these matters. 
    1. For example, in some countries there are laws that severely restrict freedom of speech and political activities and/or criminalize certain health care choices and the private activities of consenting adults.
    2. Additionally, certain drugs and alcohol are legal in certain jurisdictions while possession is a serious crime in other jurisdictions.
    3. Do you agree or disagree with this position? If you disagree, what non-internal auditing crimes in your country should be considered for disciplinary action and why?  How does the political or cultural environment in your country inform your views on this?
  4. Is the jurisdictional oversight between The IIA and national institutes clearly explained in the model framework? What clarifications or changes, if any, do you recommend?
  5. Are the due process rights of the accused sufficiently explained? Are there any rights that should be added or removed in this section?
  6. Is the adjudication process clear and sufficiently explained? What changes, if any, do you recommend to improve this process?
  7. Is the appeals process clear and sufficiently explained? What changes, if any, do you recommend to improve this process?
  8. Is the scope of potential penalties appropriate? What changes, if any, do you recommend to improve this section of the framework?
  9. Assuming compliance with all applicable privacy and other laws, in what circumstances should a national institute share information about D&O hearings and decisions requested by third parties (e.g., employers, the media, government officials, etc.)?
  10. What challenges and/or risks do you see with the creation of a public register of national institute members? In your view, how difficult would this be for your institute to implement and maintain?  Do you see any legal risks and/or unintended consequences to such a register?  How might those risks/consequences be mitigated?
  11. Are their political, cultural, legal, or regional considerations missing from the model framework?

Submit your comments by 5:00pm, Friday, August 29, 2025

Submit your comments

You may also email your comments to advocacy@theiia.org.
Please cc Roberto Rosas (Roberto.Rosas@theiia.org) and Veronica Pastor (Veronica.Pastor@theiia.org).

Learn about IIA programs and partners.

We are continually searching for innovative products and services to enhance our members' ability to meet their rising stakeholder demands.